How robust is your Password Management?

April 26, 2019 | Password, User Data

Do we ever forget or share the security numbers of the bank safety lockers where we keep our precious and valuable items? Or do we ever share ATM PINs or internet banking credentials with anyone? Then why can’t we keep the same habit for securing digital identities?

We come across numerous stray incidents where passwords and credentials are stored or shared in common files. Even a global social media giant recently made a grievous mistake by storing user credentials in plain text, in a form that was accessible to almost 20,000 employees. It admitted this massive security breach, which resulted in the leakage of almost 600 million users’ passwords. How can an organization risk our privacy and confidentiality so easily? We may never be able to figure out how many accesses happened using those credentials, or the extent of the breaches.

Now the obvious question that comes to mind is how to overcome such impending IT risks. A password management policy can save us from this serious IT risk and the embarrassment that comes with it.

Data breaches or hacks of email accounts, social media accounts, and other kinds of critical information belonging to retail stores, government organizations, and BFSI are no longer unusual. In most cases, privileged credentials are targeted to get access.

How to overcome this challenge?

Amid rapidly growing IT infrastructure, the onus of securing our credentials and mitigating the potential damage starts with the IT security team. ARCON | Privileged Access Management (PAM) offers two powerful tools, password vault and user authentication, that could significantly cut the risks of identity and password compromise.

The Password Vault engine ensures that the passwords of privileged accounts are securely stored and randomized, so that the password pattern cannot be guessed, while the multi-factor user authentication of Privileged Access Management (PAM) ensures that any privileged account is accessed through multiple layers of security validation steps. Such a fool-proof mechanism mitigates the risk of credential compromise.

Moreover, with regulatory compliance bodies being extremely stringent on the norms and policies with respect to data integrity, organizations will have to remain on their toes. For example, the social media giant mentioned above could face penalties worth billions under the EU GDPR for not following the basic rules.

Bottom line: Organizations should maintain a robust security framework for their IT infrastructure to abide by regulatory standards such as EU GDPR, PCI DSS, HIPAA, SWIFT CSCF, etc.